SAProuter Remote Authentication Bypass (Note 1853140)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote application is susceptible to an authentication bypass

Description :

The remote host has a version of SAProuter that is affected by an
authentication bypass vulnerability. When started with the '-X' flag,
SAProuter permits routing to itself given a 'saprouttab' that allows
access to its port. An unauthenticated, remote attacker can issue
commands to SAProuter.

See also :

Solution :

Restart SAProuter without '-X' and review the permissions in

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: General

Nessus Plugin ID: 72263 ()

Bugtraq ID: 64230

CVE ID: CVE-2013-7093